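# Operating-system account events (logon, logoff, account creation,
# account deletion, software installation)
# Main function
# @param string $str  not null
# @param string $code not null
#
# Description:
#   When configuring the scheduled task for the logon event, both of these
#   parameters must be passed.
#

#region get-serverip  get the server IP
# Returns the first IP address of the statically configured (non-DHCP),
# IP-enabled network adapters, or $null when no adapter matches.
function get-serverip
{
    # The original filter used "-and {$_.IPEnabled}": a script block literal is
    # always truthy, so IPEnabled was never actually tested. It also called
    # .GetType() on $null when nothing matched. Both are handled here.
    $serverip = @(
        Get-WmiObject win32_networkadapterconfiguration |
            Where-Object { $null -ne $_.IPAddress -and $_.dhcpenabled -eq $false -and $_.IPEnabled } |
            ForEach-Object { $_.IPAddress }
    )
    if ($serverip.Count -eq 0)
    {
        return $null
    }
    return $serverip[0]
}
#endregion

#region Send-Mail  send an e-mail
# Sends a high-priority HTML e-mail with the given subject and body through
# the configured SMTP server.
#   $Subject - message subject
#   $Body    - message body; it is sent with -BodyAsHtml, so it is rendered as HTML
function Send-Mail($Subject,$Body)
{
    # NOTE(review): 'account' / 'password' are hard-coded in plain text, so
    # anyone who can read this script (or a backup of it) gets the mailbox
    # credential. Prefer loading a PSCredential that was stored protected
    # (for example Export-Clixml / Import-Clixml under the task's service
    # account, or a secrets vault) and restrict the ACL on the script.
    $password = ConvertTo-SecureString 'password' -AsPlainText -Force
    $Credential = New-Object System.Management.Automation.PSCredential('account',$password)

    # The page had HTML anchor markup injected into the next two assignments,
    # which made them a syntax error; the plain values are restored.
    $SmptServer = "mail.xx.com.cn"
    $From = 'a@xx.com.cn'
    $To = "test@xx.com.cn"
    # CC
    #$Cc="cc@xx.com.cn"
    $encode = [System.Text.UTF8Encoding]::UTF8

    # NOTE(review): -UseSsl is not passed, so the credential and the alert
    # text may cross the network unencrypted unless the relay enforces TLS;
    # add -UseSsl once the relay is confirmed to support it. Send-MailMessage
    # is also marked obsolete in current PowerShell because it cannot
    # guarantee a secure connection.
    # NOTE(review): because of -BodyAsHtml, callers that embed raw event-log
    # text (account and workstation names are remotely influenced) should
    # HTML-encode it before passing it in as $Body.
    Send-MailMessage -SmtpServer $SmptServer -Credential $Credential -From $From -to $To -Encoding $encode -Body $Body -Subject $Subject -Priority High -BodyAsHtml
}
#endregion

#region cut-string  cut a substring
# Returns the part of $str that begins at the first occurrence of $start and
# stops just before the next occurrence of $end ($start itself is included,
# $end is not). Throws when either marker is missing.
function cut-string
{
    param(
        $str,
        $start,
        $end
    )
    $startIndex = $str.IndexOf($start)
    if ($startIndex -lt 0)
    {
        throw "cut-string: start marker not found"
    }
    # Search for $end from $startIndex onward. The original searched from the
    # beginning of the string, which produced a negative length (and an
    # exception) whenever $end also occurred before $start.
    $endIndex = $str.IndexOf($end, $startIndex)
    if ($endIndex -lt 0)
    {
        throw "cut-string: end marker not found after start marker"
    }
    return $str.Substring($startIndex, $endIndex - $startIndex)
}
#endregion

#region get_login_user  get the logged-on accounts
# Parses the output of "query user" and returns the names of the sessions
# whose status column equals '运行中', joined with commas, or $null when
# there are none.
#return string
function get_login_user
{
    $users = @(query user)
    $lists = New-Object System.Collections.ArrayList
    # Index 0 is the column header line, so parsing starts at 1.
    for ($i = 1; $i -lt $users.Count; $i++)
    {
        # Collapse every run of whitespace to a single space. As it appeared
        # on the page the loop replaced ' ' with ' ' while a space remained,
        # which never terminates; a single regex replace does the intended work.
        $user = $users[$i] -replace '\s+', ' '
        # Drop the leading pad space or the '>' that marks the current session.
        $user = $user -replace '^[ >]', ''
        $user = $user -split ' '

        $list = New-Object psobject
        #$time=$user[5]+" "+$user[6]
        Add-Member -Name name -Value $user[0] -MemberType NoteProperty -InputObject $list
        # NOTE(review): field 3 is the state only when the SESSIONNAME column
        # is filled in, and splitting on spaces assumes account names contain
        # no spaces - confirm against real "query user" output.
        Add-Member -Name status -Value $user[3] -MemberType NoteProperty -InputObject $list
        #Add-Member -Name time -Value $time -MemberType NoteProperty -InputObject $list
        [void]$lists.Add($list)
    }

    # NOTE(review): '运行中' is presumably the localized "Active" state of a
    # Chinese-language Windows; on another UI language nothing would match.
    $activeNames = @($lists | Where-Object { $_.status -eq '运行中' } | ForEach-Object { $_.name })
    if ($activeNames.Count -eq 0)
    {
        return $null
    }
    # Built locally instead of appending to an uninitialised $userNames, which
    # could pick up a same-named variable from the caller's scope.
    return ($activeNames -join ',')
}
#endregion

#region Login-Succ-Notice  successful-logon event
function Login-Succ-Notice
{
    $loginInfo=Get-WinEvent -logname security -maxevents 10 | ? {$_.id -eq 4624} | select timecreated,message
    if($loginInfo -eq $null)
    {
        break
    }
    if(($loginInfo.gettype()).isarray)
    {
        $time=$loginInfo[0].timecreated
        $message=$loginInfo[0].message
    }
    else
    {
        $time=$loginInfo.timecreated
        $message=$loginInfo.message
    } |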